385 research outputs found

    Toward a Broader View of Security Protocols

    Computer and network security researchers usually focus on the security of computers and networks. Although it might seem as if there is more than enough insecurity here to keep all of us fully occupied for the foreseeable future, this narrow view of our domain may actually be contributing to the very problems that we are trying to solve. We miss important insights from, and opportunities to make contributions to, a larger world that has been grappling with security since long before the computer was invented.

    More security or less insecurity

    We depart from the conventional quest for ‘Completely Secure Systems’ and ask ‘How can we be more Secure’. We draw heavily from the evolution of the Theory of Justice and the arguments against the institutional approach to Justice. Central to our argument is the identification of redressable insecurity, or weak links. Our contention is that secure systems engineering is not really about building perfectly secure systems but about redressing manifest insecurities.

    Stirling Convertor Control for a Concept Rover at NASA Glenn Research Center

    The U.S. Department of Energy (DOE), Lockheed Martin Space Systems Company (LMSSC), Sunpower Inc., and NASA Glenn Research Center (GRC) have been developing an Advanced Stirling Radioisotope Generator (ASRG) for potential use as an electric power system for space science missions. This generator would make use of the free-piston Stirling cycle to achieve higher conversion efficiency than currently used alternatives. NASA GRC initiated an experiment with an ASRG simulator to demonstrate the functionality of a Stirling convertor on a mobile application, such as a rover. The ASRG simulator made use of two Advanced Stirling Convertors to convert thermal energy from a heat source to electricity. The ASRG simulator was designed to incorporate a minimum amount of support equipment, allowing integration onto a rover powered directly by the convertors. Support equipment to provide control was designed including a linear AC regulator controller, constant power controller, and Li-ion battery charger controller. The ASRG simulator is controlled by a linear AC regulator controller. The rover is powered by both a Stirling convertor and Li-ion batteries. A constant power controller enables the Stirling convertor to maintain a constant power output when additional power is supplied by the Li-ion batteries. A Li-ion battery charger controller limits the charging current and cut off current of the batteries. This paper discusses the design, fabrication, and implementation of these three controllers

    Advanced Stirling Convertor Testing at NASA Glenn Research Center

    The U.S. Department of Energy (DOE), Lockheed Martin Space Systems (LMSS), Sunpower Inc., and NASA Glenn Research Center (GRC) have been developing an Advanced Stirling Radioisotope Generator (ASRG) for use as a power system on space science and exploration missions. This generator will make use of the free-piston Stirling convertors to achieve higher conversion efficiency than currently available alternatives. The ASRG will utilize two Advanced Stirling Convertors (ASC) to convert thermal energy from a radioisotope heat source to electricity. NASA GRC has initiated several experiments to demonstrate the functionality of the ASC, including: in-air extended operation, thermal vacuum extended operation, and ASRG simulation for mobile applications. The in-air and thermal vacuum test articles are intended to provide convertor performance data over an extended operating time. These test articles mimic some features of the ASRG without the requirement of low system mass. Operation in thermal vacuum adds the element of simulating deep space. This test article is being used to gather convertor performance and thermal data in a relevant environment. The ASRG simulator was designed to incorporate a minimum amount of support equipment, allowing integration onto devices powered directly by the convertors, such as a rover. This paper discusses the design, fabrication, and implementation of these experiments

    Risk factors for mortality from imported falciparum malaria in the United Kingdom over 20 years: an observational study

    Objectives To determine which travellers with malaria are at greatest risk of dying, highlighting factors which can be used to target health messages to travellers. Design Observational study based on 20 years of UK national data. Setting National register of malaria cases. Participants 25 054 patients notified with Plasmodium falciparum malaria, of whom 184 died, between 1987 and 2006. Main outcome measures Comparison between those with falciparum malaria who died and non-fatal cases, including age, reason for travel, country of birth, time of year diagnosed, malaria prophylaxis used. Results Mortality increased steadily with age, with a case fatality of 25/548 (4.6%) in people aged >65 years, adjusted odds ratio 10.68 (95% confidence interval 6.4 to 17.8), P<0.001 compared with 18–35 year olds. There were no deaths in the ≤5 year age group. Case fatality was 3.0% (81/2740 cases) in tourists compared with 0.32% (26/8077) in travellers visiting friends and relatives (adjusted odds ratio 8.2 (5.1 to 13.3), P<0.001). Those born in African countries with endemic malaria had a case fatality of 0.4% (36/8937) compared with 2.4% (142/5849) in others (adjusted odds ratio 4.6 (3.1 to 9.9), P<0.001). Case fatality was particularly high from the Gambia. There was an inverse correlation in mortality between region of presentation and number of cases seen in the region (R2=0.72, P<0.001). Most delay in fatal cases was in seeking care. Conclusions Most travellers acquiring malaria are of African heritage visiting friends and relatives. In contrast the risks of dying from malaria once acquired are highest in the elderly, tourists, and those presenting in areas in which malaria is seldom seen. Doctors often do not think of these as high risk groups for malaria; for this reason they are important groups to target in pre-travel advice

    Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet

    For years, legal wiretapping was straightforward: the officer doing the intercept connected a tape recorder or the like to a single pair of wires. By the 1990s, however, the changing structure of telecommunications—there was no longer just “Ma Bell” to talk to—and new technologies such as ISDN and cellular telephony made executing a wiretap more complicated for law enforcement. Simple technologies would no longer suffice. In response, Congress passed the Communications Assistance for Law Enforcement Act (CALEA) which mandated a standardized lawful intercept interface on all local phone switches. Since its passage, technology has continued to progress, and in the face of new forms of communication—Skype, voice chat during multiplayer online games, instant messaging, etc.—law enforcement is again experiencing problems. The FBI has called this “Going Dark”: their loss of access to suspects’ communication. According to news reports, law enforcement wants changes to the wiretap laws to require a CALEA-like interface in Internet software. CALEA, though, has its own issues: it is complex software specifically intended to create a security hole—eavesdropping capability—in the already-complex environment of a phone switch. It has unfortunately made wiretapping easier for everyone, not just law enforcement. Congress failed to heed experts’ warnings of the danger posed by this mandated vulnerability, and time has proven the experts right. The so-called “Athens Affair,” where someone used the built-in lawful intercept mechanism to listen to the cell phone calls of high Greek officials, including the Prime Minister, is but one example. In an earlier work, we showed why extending CALEA to the Internet would create very serious problems, including the security problems it has visited on the phone system. 
In this paper, we explore the viability and implications of an alternative method for addressing law enforcement’s need to access communications: legalized hacking of target devices through existing vulnerabilities in end-user software and platforms. The FBI already uses this approach on a small scale; we expect that its use will increase, especially as centralized wiretapping capabilities become less viable. Relying on vulnerabilities and hacking poses a large set of legal and policy questions, some practical and some normative. Among these are: (1) Will it create disincentives to patching? (2) Will there be a negative effect on innovation? (Lessons from the so-called “Crypto Wars” of the 1990s, and in particular the debate over export controls on cryptography, are instructive here.) (3) Will law enforcement’s participation in vulnerabilities purchasing skew the market? (4) Do local and even state law enforcement agencies have the technical sophistication to develop and use exploits? If not, how should this be handled? A larger FBI role? (5) Should law enforcement even be participating in a market where many of the sellers and other buyers are themselves criminals? (6) What happens if these tools are captured and repurposed by miscreants? (7) Should we sanction otherwise illegal network activity to aid law enforcement? (8) Is the probability of success from such an approach too low for it to be useful? As we will show, these issues are indeed challenging. We regard the issues raised by using vulnerabilities as, on balance, preferable to adding more complexity and insecurity to online systems.

    Trends in imported childhood malaria in the UK: 1999-2003.

    OBJECTIVE: To describe the epidemiology of imported malaria in children in the UK. METHODS: Surveillance data on children with imported malaria, collected through an enhanced surveillance network set up by the Malaria Reference Laboratory (London, UK), diagnosed between January 1999 and December 2003 were analysed. RESULTS: Over the 5-year study period, 9238 cases were reported to the Malaria Reference Laboratory, and children accounted for 1456 (14.8%) cases. The number of imported paediatric malaria cases fell from 326 in 1999 to 241 in 2003. Malarial infection occurred in children of all ages and the number of patients increased gradually with age. Visiting family and relatives was the most common reason for travel (59.5%), with only 7.2% travelling to an area endemic to malaria on holiday. Most infections (88.4%) were acquired in Africa, and mainly in Nigeria (49.7%). Plasmodium falciparum was responsible for 81.7% of all cases, followed by P. vivax (11.1%). The number of both P. falciparum and P. vivax cases fell gradually from 262 and 45 cases in 1999 to 196 and 20 cases in 2003, respectively. Malaria prophylaxis was taken by 39% of 500 children with malaria who had travelled to a country endemic to malaria. The proportion of children with malaria who had taken malaria prophylaxis decreased steadily from 53% in 1999 to 29% in 2003. Two (0.14%) children died compared with 62 (0.76%) adults over the 5-year study period (p = 0.007). CONCLUSIONS: Although the incidence of malaria has started to decline, a considerable number of children are still diagnosed with malaria in the UK. In addition, the proportion of children with malaria who had taken malaria prophylaxis is falling. Although it is reassuring to note the low mortality, there is an urgent need to improve preventive measures among families travelling to high-risk countries

    Longitude : a privacy-preserving location sharing protocol for mobile applications

    Location sharing services are becoming increasingly popular. Although many location sharing services allow users to set up privacy policies to control who can access their location, the use made by service providers remains a source of concern. Ideally, location sharing providers and middleware should not be able to access users’ location data without their consent. In this paper, we propose a new location sharing protocol called Longitude that eases privacy concerns by making it possible to share a user’s location data blindly and allowing the user to control who can access her location, when and to what degree of precision. The underlying cryptographic algorithms are designed for GPS-enabled mobile phones. We describe and evaluate our implementation for the Nexus One Android mobile phone.

    Moving Targets: Geographically Routed Human Movement Networks

    We introduce a new communication paradigm, Human-to-human Mobile Ad hoc Networking (HuManet), that exploits smartphone capabilities and human behavior to create decentralized networks for smartphone-to-smartphone message delivery. HuManets support stealth command-and-control messaging for mobile BotNets, covert channels in the presence of an observer who monitors all cellular communication, and distributed protocols for querying the state or content of targeted mobile devices. In this paper, we introduce techniques for constructing HuManets and describe protocols for efficiently routing and addressing messages. In contrast to flooding or broadcast schemes that saturate the network and aggressively consume phone resources (e.g., batteries), our protocols exploit human mobility patterns to significantly increase communication efficiency while limiting the exposure of HuManets to mobile service providers. Our techniques leverage properties of smartphones – in particular, their highly synchronized clocks and ability to discern location information – to construct location profiles for each device. HuManets’ fully-distributed and heuristic-based routing protocols route messages towards phones with location profiles that are similar to those of the intended receiver, enabling efficient message delivery with limited effects to end-to-end latency.